Finally, Adobe Signs Death Warrant for Flash Player

More than two decades after Flash debuted in the market, the software that made the Internet a better place with all its graphics, games, animations, and applications has now reached the end of its journey.

On Tuesday, July 25th, Adobeannounced on its blog site that it would be ending the life of Flash.

Felicity Smoak | Pinterest.com

The software company cited how “browser vendors are integrating capabilities once provided by plugins directly into browsers and deprecating plugins” as the primary reason for their decision.

“Over time, we’ve seen helper apps evolve to become plugins, and more recently, have seen many of these plugin capabilities get incorporated into open web standards.”

Adobe further stated that it would cease updating and distributing Flash Player at the end of 2020. The company encourages content creators to migrate any existing Flash content to new open formats such as HTML5.

Adobe Flash: What Went Wrong?

While it is true that Flash paved the way to make the Internet a cool place by bringing to the masses animations, games, and online videos, the software has been plagued with bugs that made people and developers hate it.

“Ding dong, Flash is dead.” | Imgur.com

Remember the critical Zero-Day Vulnerability in 2015?

Adobe was forced to roll out an emergency software patch for its Flash Player when the company found that the said vulnerability has been exploited by hackers in the wild.

The vulnerability, remote codeCVE-2015-3113, was said to be an execution bug that enabled hackers to take control of any affected computer. The primary systems targeted by the cyber criminals were those running Internet Explorer on Windows 7 and Firefox on Windows XP.

The bug was discovered by FireEye researchers when they noticed it was actively exploited in a phishing campaign that targets companies involved in defense, high technology, aerospace, telecommunications, transportation, and many more fields.

What worsened the problem was the fact that most, if not all, computer systems and web browsers that time were installed with Flash, forcing millions of users around the world to update their software with the emergency patch.

How Flash zero-day attack via malvertisement works. | trendmicro.com

If that was not enough to roast Flash, a few months after the emergency patch was released, another zero-day exploit was discovered. This time, the new zero-day vulnerability was found to be being exploited by a Russian state-sponsored hacking group dubbed as ‘Pawn Storm.’

Even before the infamous zero-day vulnerability happened, computer vendors and Internet sites had already started shifting away from Flash.

In 2010, it was reported that Steve Jobs removed Adobe Flash from the iPhone citing the software’s safety issues as the reason. In January 2015, Youtube also moved away from Flash for delivering its videos. Around that same time, Google Chrome started blocking auto-playing Flash ads by default.

In an article published by Wired, Jérôme Segura, a lead malware analyst at Malwarebytes, said:

“Flash has been a favorite amongst exploit kit authors for several years. Due to an alarming number of zero-day exploits distributed via large malvertising campaigns in recent years, many in the security community have urged users to completely remove Flash from their machines.”

As per Adobe, they would still be partnering with Apple, Google, Facebook, Microsoft and Mozilla to offer security updates for Flash Player in their web browsers as well as support new versions of the software but will not provide any new Flash feature until 2020.

“We remain fully committed to working with partners, including Apple, Facebook, Google, Microsoft and Mozilla to maintain the security and compatibility of Flash content. In addition, we plan to move more aggressively to EOL Flash in certain geographies where unlicensed and outdated versions of Flash Player are being distributed.”

Take note of the date, December 31, 2020, for Adobe Flash Player’s funeral.